#!/usr/bin/env python
# -*- coding:utf-8 -*-
import sys

sys.path.append('..')
from common_utils import CBBCommonUtils


def get_plugin_info():
    plugin_info = {
        "name": "centos_access_control_003 Default_permission_settings",
        "plugin_id": "centos_access_control_003",
        "plugin_type": "Access Control",
        "info": "[need to re-login] Check and set default permission settings",
        "level": "C",
        "module": "Safety reinforcement",
        "author": "fanyi",
        "keyword": "Safety reinforcement",
        "configable": "false",
    }
    return plugin_info


logger = None
cur_user = None
cur_module = None
cur_task = None

file_list = ["/etc/profile", "/etc/csh.cshrc", "/etc/csh.login", "/etc/bashrc", "/etc/bash.bashrc"]
tar_list = ["profile", "csh.cshrc", "csh.login", "bashrc", "bash.bashrc"]
flag_list = [0, 0, 0, 0, 0]


def set_plugin_logger(setter, user, module, task, *args, **kwargs):
    global logger, cur_user, cur_module, cur_task
    logger = setter
    cur_user = user
    cur_module = module
    cur_task = task


# 扫描函数
def scan(ip, sys_user, sys_pwd, flag=0):
    global flag_list
    des_list = []
    error_count = 0
    logger.debug_info(cur_user, cur_module, cur_task + '_Scan', '', "Scan Start.")

    warn_flag = 0
    for i, value in enumerate(file_list):
        # 获取当前umask设置
        cmd = "cat " + value + " | grep umask | grep -v \"#\""
        result, output = CBBCommonUtils.cbb_run_cmd(ip, cmd, username=sys_user, passwd=sys_pwd)
        # 检错，每次执行命令都会进行检错，并决定返回退出/继续执行
        if not result and len(output) != 0:
            for j, umask_value in enumerate(output):
                # 返回值格式化
                temp = umask_value.split()
                temp[1] = temp[1].replace("\n", "")
                # umask提示
                warn_flag = 0
                if j == 0 and temp[1] != "077":
                    error_count += 1
                    des = tar_list[i] + " User's umask is DANGEROUS. Now is {}.".format(temp[1])
                    logger.debug_warning(cur_user, cur_module, cur_task + '_Scan', '', des)
                elif j == 0 and temp[1] == "077":
                    des = tar_list[i] + " User's umask is SAFE. Now is {}.".format(temp[1])
                    warn_flag = 1
                    logger.debug_info(cur_user, cur_module, cur_task + '_Scan', '', des)
                elif j == 1 and temp[1] != "077":
                    error_count += 1
                    des = tar_list[i] + " Root's umask is DANGEROUS. Now is {}.".format(temp[1])
                    logger.debug_warning(cur_user, cur_module, cur_task + '_Scan', '', des)
                elif j == 1 and temp[1] == "077":
                    des = tar_list[i] + " Root's umask is SAFE. Now is {}.".format(temp[1])
                    warn_flag = 1
                    logger.debug_info(cur_user, cur_module, cur_task + '_Scan', '', des)
                elif j != 0 and j != 1 and temp[1] != "077":
                    error_count += 1
                    des = tar_list[i] + " Other's umask is DANGEROUS. Now is {}.".format(temp[1])
                    logger.debug_warning(cur_user, cur_module, cur_task + '_Scan', '', des)
                else:
                    des = tar_list[i] + " Other's umask is SAFE. Now is {}.".format(temp[1])
                    warn_flag = 1
                    logger.debug_info(cur_user, cur_module, cur_task + '_Scan', '', des)
                des_list.append(des)
                if warn_flag != 1:
                    flag_list[i] = 1
        elif not result and len(output) == 0:
            # 未发现umask提示
            um_des = tar_list[i] + " umask is NOT set."
            des_list.append(um_des)
            logger.debug_info(cur_user, cur_module, cur_task + '_Scan', '', um_des)
        elif "No such file" in result[0]:
            pass
        else:
            error_des = "CMD process ERROR. Error info: {}".format(result[0].replace("\n", ""))
            des_list.append(error_des)
            logger.debug_error(cur_user, cur_module, cur_task + '_Scan', '', error_des)
            error_count += 1
            return des_list, error_count
    des_list.append("Scan Complete.")
    logger.debug_info(cur_user, cur_module, cur_task + '_Scan', '', "Scan Complete.")

    # 是否加固
    if flag == 1 and flag_list[0] == 1:
        reinforce_des, reinforce_err = reinforcePro(ip, sys_user, sys_pwd)
        if reinforce_err == 0:
            error_count = 0
            des_list.extend(reinforce_des)
        else:
            error_count += 1
            des_list.extend(reinforce_des)

    if flag == 1 and flag_list[1] == 1:
        reinforce_des, reinforce_err = reinforceCsh(ip, sys_user, sys_pwd)
        if reinforce_err == 0:
            error_count = 0
            des_list.extend(reinforce_des)
        else:
            error_count += 1
            des_list.extend(reinforce_des)

    if flag == 1 and (flag_list[3] == 1 or flag_list[4] == 1):
        reinforce_des, reinforce_err = reinforceBsh(ip, sys_user, sys_pwd)
        if reinforce_err == 0:
            error_count = 0
            des_list.extend(reinforce_des)
        else:
            error_count += 1
            des_list.extend(reinforce_des)

    if flag == 1 and flag_list[2] == 1:
        reinforce_des, reinforce_err = reinforceLog(ip, sys_user, sys_pwd)
        if reinforce_err == 0:
            error_count = 0
            des_list.extend(reinforce_des)
        else:
            error_count += 1
            des_list.extend(reinforce_des)
    return des_list, error_count


# 加固函数
def reinforcePro(ip, sys_user, sys_pwd):
    des_list = []
    error_count = 0
    user_flag = 0
    root_flag = 0
    logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', "Profile Reinforce Start.")
    # 检查是否存在可能被覆盖的备份文件
    check_cmd = "ls /etc | grep profile.UM.`date +%Y-%m-%d`"
    check_result, check_output = CBBCommonUtils.cbb_run_cmd(ip, check_cmd, username=sys_user, passwd=sys_pwd)
    if not check_result and len(check_output) != 0:
        result = []
    else:
        cmd = "cp /etc/profile /etc/profile.UM.`date +%Y-%m-%d`"
        result, output = CBBCommonUtils.cbb_run_cmd(ip, cmd, username=sys_user, passwd=sys_pwd)
    if not result:
        # 检查是否备份成功
        check_cmd = "ls /etc | grep profile.UM.`date +%Y-%m-%d`"
        check_result, check_output = CBBCommonUtils.cbb_run_cmd(ip, check_cmd, username=sys_user, passwd=sys_pwd)
        if not check_result and len(check_output) != 0:
            logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', "Backup Succeed.")
        else:
            error_count += 1
            backup_check_des = "Backup check FAILED."
            des_list.append(backup_check_des)
            logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', backup_check_des)
            return des_list, error_count
    else:
        error_count += 1
        backup_des = "Backup FAILED."
        des_list.append(backup_des)
        logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', backup_des)
        return des_list, error_count
    # 组装命令
    safe_cmd = "sed -i \'s/umask [0-6][0-6][0-6]/umask 077/\' /etc/profile"
    # 修改对应行的内容
    result, output = CBBCommonUtils.cbb_run_cmd(ip, safe_cmd, username=sys_user, passwd=sys_pwd)
    if not result:
        # 检查是否修改成功
        check_re_cmd = "cat /etc/profile | grep umask | grep -v default"
        result, output = CBBCommonUtils.cbb_run_cmd(ip, check_re_cmd, username=sys_user, passwd=sys_pwd)
        if not result and len(output) != 0:
            # 返回值格式化，去除不需要的内容/符号
            user_output = output[0].split()
            root_output = output[1].split()
            user_output[1] = user_output[1].replace("\n", "")
            root_output[1] = root_output[1].replace("\n", "")
            # umask提示
            if user_output[1] != "077":
                user_flag = 1
            else:
                user_des = "Profile User's umask is SAFE. Now is {}.".format(user_output[1])
            if root_output[1] != "077":
                root_flag = 1
            else:
                root_des = "Profile Root's umask is SAFE. Now is {}.".format(root_output[1])
            if user_flag == 0 and root_flag == 0:
                logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', user_des)
                logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', root_des)
                des_list.append("Profile Reinforce Complete.")
                logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', "Profile Reinforce Complete.")
                return des_list, error_count
            # 加固失败提示
            reinforce_des = "Profile Reinforce FAILED."
            error_count += 1
            des_list.append(reinforce_des)
            logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', reinforce_des)
            # 加固不成功，回滚
            rollback_des, rollback_err = rollback(ip, sys_user, sys_pwd)
            if rollback_err == 0:
                des_list.extend(rollback_des)
            else:
                error_count += 1
                des_list.extend(rollback_des)
            return des_list, error_count
        else:
            error_des = "CMD process ERROR. Error info: {}".format(result[0].replace("\n", ""))
            des_list.append(error_des)
            logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', error_des)
            error_count += 1
            return des_list, error_count
    else:
        error_count += 1
        des = "Profile Reinforce FAILED."
        des_list.append(des)
        logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', des)
        # 加固失败，回滚
        rollback_des, rollback_err = rollback(ip, sys_user, sys_pwd)
        if rollback_err == 0:
            des_list.extend(rollback_des)
        else:
            error_count += 1
            des_list.extend(rollback_des)
        return des_list, error_count


# 加固函数
def reinforceCsh(ip, sys_user, sys_pwd):
    des_list = []
    error_count = 0
    user_flag = 0
    root_flag = 0
    logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', "Csh.cshrc Reinforce Start.")
    # 检查是否存在可能被覆盖的备份文件
    check_cmd = "ls /etc | grep csh.cshrc.UM.`date +%Y-%m-%d`"
    check_result, check_output = CBBCommonUtils.cbb_run_cmd(ip, check_cmd, username=sys_user, passwd=sys_pwd)
    if not check_result and len(check_output) != 0:
        result = []
    else:
        cmd = "cp /etc/csh.cshrc /etc/csh.cshrc.UM.`date +%Y-%m-%d`"
        result, output = CBBCommonUtils.cbb_run_cmd(ip, cmd, username=sys_user, passwd=sys_pwd)
    if not result:
        # 检查是否备份成功
        check_cmd = "ls /etc | grep csh.cshrc.UM.`date +%Y-%m-%d`"
        check_result, check_output = CBBCommonUtils.cbb_run_cmd(ip, check_cmd, username=sys_user, passwd=sys_pwd)
        if not check_result and len(check_output) != 0:
            logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', "Backup Succeed.")
        else:
            error_count += 1
            backup_check_des = "Backup check FAILED."
            des_list.append(backup_check_des)
            logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', backup_check_des)
            return des_list, error_count
    else:
        error_count += 1
        backup_des = "Backup FAILED."
        des_list.append(backup_des)
        logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', backup_des)
        return des_list, error_count
    # 组装命令
    safe_cmd = "sed -i \'s/umask [0-6][0-6][0-6]/umask 077/\' /etc/csh.cshrc"
    # 修改对应行的内容
    result, output = CBBCommonUtils.cbb_run_cmd(ip, safe_cmd, username=sys_user, passwd=sys_pwd)
    if not result:
        # 检查是否修改成功
        check_re_cmd = "cat /etc/csh.cshrc | grep umask | grep -v default"
        result, output = CBBCommonUtils.cbb_run_cmd(ip, check_re_cmd, username=sys_user, passwd=sys_pwd)
        if not result and len(output) != 0:
            # 返回值格式化，去除不需要的内容/符号
            user_output = output[0].split()
            root_output = output[1].split()
            user_output[1] = user_output[1].replace("\n", "")
            root_output[1] = root_output[1].replace("\n", "")
            # umask提示
            if user_output[1] != "077":
                user_flag = 1
            else:
                user_des = "Csh.cshrc User's umask is SAFE. Now is {}.".format(user_output[1])
            if root_output[1] != "077":
                root_flag = 1
            else:
                root_des = "Csh.cshrc Root's umask is SAFE. Now is {}.".format(root_output[1])
            if user_flag == 0 and root_flag == 0:
                logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', user_des)
                logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', root_des)
                des_list.append("Csh.cshrc Reinforce Complete.")
                logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', "Csh.cshrc Reinforce Complete.")
                return des_list, error_count
            # 加固失败提示
            reinforce_des = "Csh.cshrc Reinforce FAILED."
            error_count += 1
            des_list.append(reinforce_des)
            logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', reinforce_des)
            # 加固不成功，回滚
            rollback_des, rollback_err = rollback(ip, sys_user, sys_pwd)
            if rollback_err == 0:
                des_list.extend(rollback_des)
            else:
                error_count += 1
                des_list.extend(rollback_des)
            return des_list, error_count
        else:
            error_des = "CMD process ERROR. Error info: {}".format(result[0].replace("\n", ""))
            des_list.append(error_des)
            logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', error_des)
            error_count += 1
            return des_list, error_count
    else:
        error_count += 1
        des = "Csh.cshrc Reinforce FAILED."
        des_list.append(des)
        logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', des)
        # 加固失败，回滚
        rollback_des, rollback_err = rollback(ip, sys_user, sys_pwd)
        if rollback_err == 0:
            des_list.extend(rollback_des)
        else:
            error_count += 1
            des_list.extend(rollback_des)
        return des_list, error_count


# 加固函数
def reinforceBsh(ip, sys_user, sys_pwd):
    des_list = []
    error_count = 0
    user_flag = 0
    root_flag = 0
    logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', "Bashrc Reinforce Start.")
    # 确定目标文件
    if flag_list[3] == 1:
        tar_file = tar_list[3]
    else:
        tar_file = tar_list[4]
    # 检查是否存在可能被覆盖的备份文件
    check_cmd = "ls /etc | grep " + tar_file + ".UM.`date +%Y-%m-%d`"
    check_result, check_output = CBBCommonUtils.cbb_run_cmd(ip, check_cmd, username=sys_user, passwd=sys_pwd)
    if not check_result and len(check_output) != 0:
        result = []
    else:
        cmd = "cp /etc/" + tar_file + " /etc/" + tar_file + ".UM.`date +%Y-%m-%d`"
        result, output = CBBCommonUtils.cbb_run_cmd(ip, cmd, username=sys_user, passwd=sys_pwd)
    if not result:
        # 检查是否备份成功
        check_cmd = "ls /etc | grep " + tar_file + ".UM.`date +%Y-%m-%d`"
        check_result, check_output = CBBCommonUtils.cbb_run_cmd(ip, check_cmd, username=sys_user, passwd=sys_pwd)
        if not check_result and len(check_output) != 0:
            logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', "Backup Succeed.")
        else:
            error_count += 1
            backup_check_des = "Backup check FAILED."
            des_list.append(backup_check_des)
            logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', backup_check_des)
            return des_list, error_count
    else:
        error_count += 1
        backup_des = "Backup FAILED."
        des_list.append(backup_des)
        logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', backup_des)
        return des_list, error_count
    # 组装命令
    safe_cmd = "sed -i \'s/umask [0-6][0-6][0-6]/umask 077/\' /etc/" + tar_file
    result, output = CBBCommonUtils.cbb_run_cmd(ip, safe_cmd, username=sys_user, passwd=sys_pwd)
    if not result:
        # 检查是否修改成功
        check_re_cmd = "cat /etc/" + tar_file + " | grep umask | grep -v default"
        result, output = CBBCommonUtils.cbb_run_cmd(ip, check_re_cmd, username=sys_user, passwd=sys_pwd)
        if not result and len(output) != 0:
            # 返回值格式化，去除不需要的内容/符号
            user_output = output[0].split()
            root_output = output[1].split()
            user_output[1] = user_output[1].replace("\n", "")
            root_output[1] = root_output[1].replace("\n", "")
            # umask提示
            if user_output[1] != "077":
                user_flag = 1
            else:
                user_des = "Bashrc User's umask is SAFE. Now is {}.".format(user_output[1])
            if root_output[1] != "077":
                root_flag = 1
            else:
                root_des = "Bashrc Root's umask is SAFE. Now is {}.".format(root_output[1])
            if user_flag == 0 and root_flag == 0:
                logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', user_des)
                logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', root_des)
                des_list.append("Bashrc Reinforce Complete.")
                logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', "Bashrc Reinforce Complete.")
                return des_list, error_count
            # 加固失败提示
            reinforce_des = "Bashrc Reinforce FAILED."
            error_count += 1
            des_list.append(reinforce_des)
            logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', reinforce_des)
            # 加固不成功，回滚
            rollback_des, rollback_err = rollback(ip, sys_user, sys_pwd)
            if rollback_err == 0:
                des_list.extend(rollback_des)
            else:
                error_count += 1
                des_list.extend(rollback_des)
            return des_list, error_count
        else:
            error_des = "CMD process ERROR. Error info: {}".format(result[0].replace("\n", ""))
            des_list.append(error_des)
            logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', error_des)
            error_count += 1
            return des_list, error_count
    else:
        error_count += 1
        des = "Bashrc Reinforce FAILED."
        des_list.append(des)
        logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', des)
        # 加固失败，回滚
        rollback_des, rollback_err = rollback(ip, sys_user, sys_pwd)
        if rollback_err == 0:
            des_list.extend(rollback_des)
        else:
            error_count += 1
            des_list.extend(rollback_des)
        return des_list, error_count


# 加固函数
def reinforceLog(ip, sys_user, sys_pwd):
    des_list = []
    error_count = 0
    logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', "Csh.login Reinforce Start.")
    # 检查是否存在可能被覆盖的备份文件
    check_cmd = "ls /etc | grep csh.login.UM.`date +%Y-%m-%d`"
    check_result, check_output = CBBCommonUtils.cbb_run_cmd(ip, check_cmd, username=sys_user, passwd=sys_pwd)
    if not check_result and len(check_output) != 0:
        result = []
    else:
        cmd = "cp /etc/csh.login /etc/csh.login.UM.`date +%Y-%m-%d`"
        result, output = CBBCommonUtils.cbb_run_cmd(ip, cmd, username=sys_user, passwd=sys_pwd)
    if not result:
        # 检查是否备份成功
        check_cmd = "ls /etc | grep csh.login.UM.`date +%Y-%m-%d`"
        check_result, check_output = CBBCommonUtils.cbb_run_cmd(ip, check_cmd, username=sys_user, passwd=sys_pwd)
        if not check_result and len(check_output) != 0:
            logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', "Backup Succeed.")
        else:
            error_count += 1
            backup_check_des = "Backup check FAILED."
            des_list.append(backup_check_des)
            logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', backup_check_des)
            return des_list, error_count
    else:
        error_count += 1
        backup_des = "Backup FAILED."
        des_list.append(backup_des)
        logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', backup_des)
        return des_list, error_count
    # 组装命令
    safe_cmd = "sed -i \'s/umask [0-6][0-6][0-6]/umask 077/\' /etc/csh.login"
    # 修改对应行的内容
    result, output = CBBCommonUtils.cbb_run_cmd(ip, safe_cmd, username=sys_user, passwd=sys_pwd)
    if not result:
        # 检查是否修改成功
        check_re_cmd = "cat /etc/csh.login | grep umask | grep -v default"
        result, output = CBBCommonUtils.cbb_run_cmd(ip, check_re_cmd, username=sys_user, passwd=sys_pwd)
        if not result and len(output) != 0:
            # 返回值格式化，去除不需要的内容/符号
            user_output = output[0].split()
            user_output[1] = user_output[1].replace("\n", "")
            # umask提示
            if user_output[1] == "077":
                user_des = "Csh.login umask is SAFE. Now is {}.".format(user_output[1])
                logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', user_des)
                des_list.append("Csh.login Reinforce Complete.")
                logger.debug_info(cur_user, cur_module, cur_task + '_Reinforce', '', "Csh.login Reinforce Complete.")
                return des_list, error_count
            # 加固失败提示
            reinforce_des = "Csh.login Reinforce FAILED."
            error_count += 1
            des_list.append(reinforce_des)
            logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', reinforce_des)
            # 加固不成功，回滚
            rollback_des, rollback_err = rollback(ip, sys_user, sys_pwd)
            if rollback_err == 0:
                des_list.extend(rollback_des)
            else:
                error_count += 1
                des_list.extend(rollback_des)
            return des_list, error_count
        else:
            error_des = "CMD process ERROR. Error info: {}".format(result[0].replace("\n", ""))
            des_list.append(error_des)
            logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', error_des)
            error_count += 1
            return des_list, error_count
    else:
        error_count += 1
        des = "Csh.login Reinforce FAILED."
        des_list.append(des)
        logger.debug_error(cur_user, cur_module, cur_task + '_Reinforce', '', des)
        # 加固失败，回滚
        rollback_des, rollback_err = rollback(ip, sys_user, sys_pwd)
        if rollback_err == 0:
            des_list.extend(rollback_des)
        else:
            error_count += 1
            des_list.extend(rollback_des)
        return des_list, error_count


def rollback(ip, sys_user, sys_pwd):
    des_list = []
    error_count = 0
    logger.debug_info(cur_user, cur_module, cur_task + '_Rollback', '', "Rollback Start.")
    for i, value in enumerate(file_list):
        grep_cmd = "ls /etc/ | grep " + tar_list[i] + ".UM.*"
        result, output = CBBCommonUtils.cbb_run_cmd(ip, grep_cmd, username=sys_user, passwd=sys_pwd)
        if not result and len(output) != 0:
            target = output[len(output) - 1].replace("\n", "")
            cmd = "/bin/cp -rf /etc/" + target + " " + file_list[i]
        else:
            error_count = -1
            des_list.append(tar_list[i] + " Backup file NOT FOUND.")
            logger.debug_error(cur_user, cur_module, cur_task + '_Rollback', '',
                               tar_list[i] + " Backup file not found.")
            continue
        # 回滚文件，
        result, output = CBBCommonUtils.cbb_run_cmd(ip, cmd, username=sys_user, passwd=sys_pwd)
        if not result:
            del_cmd = "rm -rf /etc/" + target
            # 删除对应的备份文件
            result, output = CBBCommonUtils.cbb_run_cmd(ip, del_cmd, username=sys_user, passwd=sys_pwd)
            if not result:
                del_des = tar_list[i] + " Backup file deleted. Target is {}.".format(target)
                logger.debug_info(cur_user, cur_module, cur_task + '_Rollback', '', del_des)
            else:
                error_count += 1
                del_des = tar_list[i] + " Backup file delete FAILED."
                des_list.append(del_des)
                logger.debug_error(cur_user, cur_module, cur_task + '_Rollback', '', del_des)
                return des_list, error_count
        else:
            error_count += 1
            des = tar_list[i] + " Rollback FAILED, please retry."
            des_list.append(des)
            logger.debug_error(cur_user, cur_module, cur_task + '_Rollback', '', des)
            return des_list, error_count
        des_list.append(tar_list[i] + " Rollback Complete.")
        logger.debug_info(cur_user, cur_module, cur_task + '_Rollback', '', tar_list[i] + " Rollback Complete.")
    des_list.append("Rollback Complete.")
    logger.debug_info(cur_user, cur_module, cur_task + '_Rollback', '', "Rollback Complete.")
    return des_list, error_count


def check(ip, *args, **kwargs):
    sys_user = kwargs.get("system_user")
    sys_pwd = kwargs.get("system_pwd")
    comm = kwargs.get("command")
    try:
        des_list = []
        logger.debug_info(cur_user, cur_module, cur_task + '_Check', '', "centos_access_control_003 Start")
        if comm == 1:
            des_scan, error_scan = scan(ip, sys_user, sys_pwd, flag=0)
            des_list.extend(des_scan)
            step_error = int(error_scan)
        elif comm == 2:
            des_reinforce, error_reinforce = scan(ip, sys_user, sys_pwd, flag=1)
            des_list.extend(des_reinforce)
            step_error = int(error_reinforce)
        elif comm == 3:
            des_rollback, error_rollback = rollback(ip, sys_user, sys_pwd)
            des_list.extend(des_rollback)
            step_error = int(error_rollback)
        else:
            return {"code": 3, "count": 0, "des": ['command must be 1/2/3']}
        logger.debug_info(cur_user, cur_module, cur_task + '_Check', '', "centos_access_control_003 Complete")
        if step_error == 0:
            code = 0
        elif step_error <= -1:
            code = 2
        else:
            code = 1
        return {"code": code, "count": step_error, "des": des_list}
    except Exception as er:
        code = 1
        des = ["ERROR:", str(er)]
        logger.debug_error(cur_user, cur_module, cur_task + '_Check', '', des)
        return {"code": code, "count": 0, "des": des}

# check(ip="100.2.91.150", system_user="root", system_pwd="admin", command=0, flag=0)
